“The futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” Cook said when explaining the bug.

Pinkie Pie of course has proved more than adept at finding additional bugs in Chrome and Chrome OS – many of them sandbox exploits – at both Pwnium and Pwn2Own competitions over the last few years.

Another issue (CVE-2014-3144/CVE-2014-3145), wherein a local user could also cause a DoS situation via BPF instructions, was also fixed yesterday.

Debian is encouraging Linux users to upgrade their packages and points out that the issue has been fixed in the stable distribution, version 3.2.57-3+deb7u2, and will be fixed in the unstable distribution soon.

A bug similar to the futex one – one that apparently existed for five years – was patched last month in the Linux kernel. A problem with the n_tty_write function could have let local users cause denial of service attacks, gain privileges or run malicious code.

About Chris Brook

"Distrust and caution are the parents of security" - Benjamin Franklin